// For flags

CVE-2016-1518

Grandstream Wave 1.0.1.26 Man-In-The-Middle

Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (3)
NVD, NVD, PS
CWE (1)
CWE-284: Improper Access Control
CAPEC (-)
Risk
CVSS Score
8.1 High
SSVC
-
KEV
-
EPSS
0.3%
Affected Products (-)
Vendors (1)
grandstream
Products (1)
wave
Versions (1)
<= 1.0.1.26
Intel Resources (2)
Advisories (2)
PacketStorm
Exploits (-)
-
Plugins (-)
-
References (3)
General (3)
packetstormsecurity, securityfocus ...
Exploits & POcs (-)
Patches (-)
Advisories (-)
Summary
Descriptions

The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/.

El mecanismo de aprovisionamiento automático en la Grandstream Wave app 1.0.1.26 y versiones anteriores para Android y teléfonos Grandstream Video IP permite a atacantes man-in-the-middle suplantar los datos de aprovisionamiento y, en consecuencia, modificar la funcionalidad del dispositivo, obtener información sensible de los registros del sistema y otro impacto no especificado aprovechando el fallo de no utilizar una sesión HTTPS para descargar archivos de configuración desde http://fm.grandstream.com/gs/.

The Grandstream VoIP products deploy a remote provisioning mechanism that allows to automatically set configuration elements on phone/app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. An active attacker can redirect this request and change arbitrary values of the configuration. This allows to redirect phone calls through a malicious server, turn the phone into a bug, change passwords, and exfiltrate system logs (including the phone numbers dialed by the user).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-01-07 CVE Reserved
  • 2016-03-17 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
CAPEC
Threat Intelligence Resources (2)
Security Advisory details:

Select an advisory to view details here.

Select an exploit to view details here.

Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Grandstream
Search vendor "Grandstream"
 Wave
Search vendor "Grandstream" for product "Wave"
 <= 1.0.1.26
Search vendor "Grandstream" for product "Wave" and version " <= 1.0.1.26"
android
Affected